Security

WormGPT - How cybercriminals use the AI tool

Tarek Baish Porträtfoto Tarek Baish

13. Sep 2023 | 2 min.

The introduction of ChatGPT generated a lot of hype; after only five days there were more than one million users. After two months, there were already over a hundred million users.

Artificial intelligence (AI) can make many things possible and can be used in different ways. On the one hand, it simplifies everyday life, but on the other hand, cybercriminals have also discovered AI for themselves and their scams. It is used for the development of new malware, vulnerability analyses, exploits and especially for phishing e-mails. The developers of ChatGPT have already set limits to the technology to restrict illegal and unethical uses, which is not easy with the automatic “learning process” of artificial intelligence.

However, cybercriminals are often able to circumvent these limits, e.g. through so-called “jailbreaks”. This involves tricking the AI into overstepping its boundaries and revealing illegal information. This is just one of many ways AI is used by cybercriminals.

image

What is WormGPT?

A new AI technology has spread among cybercriminals called WormGPT. It is based on the open-source GPT-J language model and takes phishing attacks to a new level by using Business E-mail Compromise (BEC) as an attack vector. The tool can be used to create texts that are tailored directly to the victim and make a particularly convincing impression by using human-like features. The AI enables the attackers to create e-mails in different languages and perfect them for illegal purposes

„The developers of ChatGPT have already set limits to the technology [....] which is not easy with the automatic "learning process" of artificial intelligence.“

How to minimize the risk

The risks can be prevented with a holistic cyber security strategy. First and foremost, intrusion and detection systems (IDS / IPS), which can be operated in the company’s own IT or also used by service providers, protect against AI-based attacks. These systems detect data streams in the network that differ from normal operation and generate an alarm message in the system.

A much more precise solution for the detection of anomalies is the introduction or use of a Security Operation Centre, or SOC for short. The SOC has the task of monitoring and analyzing threat states and, if possible, initiating countermeasures.

The use of a SIEM or SOAR solution also helps to detect and defend against attacks. A SIEM is a system that detects anomalies and triggers an alarm but requires a manual response. This is in contrast to SOAR, which also receives alerts but responds automatically to prevent the threat.

It is also crucial to implement effective preventive measures. Other strategies that companies can use to detect attacks include specific training aimed at “business email compromise”, for example. Companies should therefore develop comprehensive, regular and up-to-date training programmes that target AI-based BECs. As an ongoing part of professional development, these trainings should highlight the methods and approaches of cybercriminals to better understand the tactics of attackers.

Sources and Inspiration

https://www.golem.de/news/chatbot-fuer-cyberkriminelle-wormgpt-generiert-aeusserst-ueberzeugende-phishing-mails-2307-175894.html (Status 29.08.2023)
https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/ (Status 29.08.2023)

Discover more blog articles

Michael Robertz und Ronny Stein beim Interview
Company & Culture

We are avodaq: Michi & Ronny in conversation

avodaq | 12. December 2023
Account Manager Louis bei seinem Hobby, der Imkerei
Company & Culture

We Are avodaq: Louis and His Bee Colonies

avodaq | 04. July 2024
Inga Vogel, Head of Marketing bei avodaq, mit ihrem Fahrrad in Hamburg
Company & Culture

We are avodaq: Interview with Head of Marketing Inga

avodaq | 04. October 2023